Bug 796694

Summary: update qpidd documentation on wiki for ssl and selinux
Product: [Retired] Pulp Reporter: James Slagle <jslagle>
Component: z_otherAssignee: Jeff Ortel <jortel>
Status: CLOSED WORKSFORME QA Contact: Preethi Thomas <pthomas>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: mhrivnak
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-27 14:45:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description James Slagle 2012-02-23 14:07:12 UTC 
Need to make sure https://fedorahosted.org/pulp/wiki/QPID is up to date.  Also, should probably add to that page the SELinux policy changes that are needed for the configuration that is shown on that page.

I also think we need to make it clear in the user guide somewhere that Pulp/Consumer and Pulp/CDS communication is not secure unless these steps are taken to secure qpidd.  We say in our installation and user guide:

* 5672 for non-ssl or 5674 for SSL message bus connections 

But, that doesn't really indicate that SSL is not used.  In fact, it might even lead some to believe that SSL *is* used.  If we decide to continue to not enable SSL by default, I think we should remove mention of port 5674 here completely.  Why mention the port at all in the default installation instructions?  You actually make yourself more insecure by just opening up ports for no reason.

We should probably just provide guidance to the wiki page I mentioned above on how to setup SSL and SELinux for qpidd.
Comment 1 Michael Hrivnak 2013-09-27 14:45:36 UTC 
Our installation instructions now make all of this clear, and they link to this: https://pulp-user-guide.readthedocs.org/en/pulp-2.2/qpid.html#qpid-ssl-configuration

Please re-open if you think this is still a problem.